arXiv: Your Privacy My Cloak: Backdoor Attacks on Differentially Private Federated Learning
AI_SAFETY. Sourced from arxiv_cscr, summarised by Matproof.
AI Analysis
What changed and what to do.
This paper, published on arXiv in June 2026, presents a new class of security vulnerability specifically targeting differentially private federated learning systems. The authors demonstrate that an attacker can inject a backdoor into a shared machine learning model even when differential privacy protections are active, effectively bypassing the privacy guarantees that are meant to prevent data leakage and model manipulation. This is a significant finding because differential privacy is a cornerstone technique used to comply with data protection regulations like the GDPR and the EU AI Act, particularly in sectors handling sensitive personal data.
The primary organizations affected are those deploying federated learning in regulated environments, including financial services, healthcare, and any EU entity using collaborative AI models across multiple data silos. Any compliance team relying on differential privacy as a technical safeguard for data subject rights or model robustness should consider this a material risk. The vulnerability undermines the assumption that privacy-preserving techniques automatically ensure model integrity.
Compliance teams should immediately review their AI risk assessments and technical documentation to determine if their models use differentially private federated learning. If so, they must engage their data science and security teams to evaluate the specific implementation against the attack vectors described in this paper. This may require updating internal model validation procedures, adding adversarial testing to the compliance checklist, and documenting this new risk in the mandatory transparency reports required under the EU AI Act.
This summary is AI-generated for orientation purposes. For regulatory action, always consult the original source linked above.